Distributors

Cisco Systems has patched a number of security vulnerabilities affecting its routers and Call Manager software, some of which could be used to launch a DOS (denial of service) attack against the products.

The router bug (http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml) affects all Cisco devices that use the company's IOS (Internetwork Operating System) software and that have enabled a little-known protocol called Stack Group Bidding Protocol (SGBP), which is used to help manage network access using Cisco devices.

This vulnerability probably does not affect a lot of Cisco users, because the SGBP is not widely used and devices that do not have the protocol enabled are not vulnerable, said Johannes Ullrich, chief research officer for the SANS Institute, a security training organization.

Call Manager users should apply these patches, but they should do so with caution, Ullrich said. "You should apply them because there are a couple of serious vulnerabilities there. But don't rush them," he said. "If your Call Manager breaks and your company is without phone service for a couple of days, it's not good."

Related Whitepapers

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.